Microsoft has released its security updates for April 2024. This month, a few vulnerabilities are potentially impacting Always On VPN administrators. Specifically, three updates address issues with the Windows Server Routing and Remote Access Service (RRAS). In addition, vulnerabilities affect the Remote Access Connection Manager (RasMan) service, affecting both VPN servers and clients.

RRAS

Windows Server Routing and Remote Access (RRAS) has three security updates available this month. All three are Remote Code Execution (RCE) vulnerabilities but require user interaction to exploit the vulnerability. All three updates are rated as Important.

CVE-2024-26179

CVE-2024-26200

CVE-2024-26205

RasMan

In addition to the vulnerabilities in RRAS, Microsoft announced numerous updates for vulnerabilities discovered in the Remote Access Connection Manager (RasMan) service. These vulnerabilities are related to information disclosure via buffer overruns. These updates affect both Windows RRAS servers and Windows Always On VPN clients. All updates are rated as Important.

CVE-2024-26207

CVE-2024-26211

CVE-2024-26217

CVE-2024-26255

CVE-2024-28900

CVE-2024-28901

CVE-2024-28902

Recommendations

While none of these vulnerabilities are critical, Always On VPN administrators are urged to update their affected systems soon.

Additional Information

April 2024 Security Updates